oss-sec mailing list archives
Re: Re: CVE Request - HMS Testimonials 2.0.10 WP plugin
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Aug 2013 14:20:09 -0600
On 08/12/2013 12:52 AM, Adéla Goldová wrote:
> I noticed how I managed to spell the name really wrong in the message text. I just wanted to fix it to avoid confusion. The name should be HMS Testimonials.
>
> On 8/10/2013 at 6:31 PM, "Adéla Goldová" <roguecoder () hush com> wrote:
>> Hello
>>
>> The HMS Tesminoalis version 2.0.10 plugin for WordPress contains multiple CSRF and XSS vulnerabilities. This can be used in many different ways, like defacement of both public site and the admin area (only the HMS Testimonials plugin area will be affected), modify settings to set a lower role as moderator (very harmful on sites with open registrations), etc.
>>
>> Could CVEs be assigned to this?
>>
>> 1: http://seclists.org/fulldisclosure/2013/Aug/96

CVE MERGE, same researcher/versions, so:

CVE-2013-4240 HMS Testimonials 2.0.10 CSRF
CVE-2013-4241 HMS Testimonials 2.0.10 XSS

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993